How Certificates/Import assigns Certificate Type

POST Certificates/Import can automatically set the Certificate Type in the Policy tree. The change only occurs, when a user has not previously set the Certificate Type. For more information, see Overview of certificate types.

Certificate Type is based on certificate values:

  • Server Certificate Type: The certificate Extended Key Usage (EKU) is Server Authentication, Code Signing, Online Certificate Status Protocol (OCSP), Server-based Certificate Validation Protocol (SCVP), or Timestamp.
  • User Certificate Type:
    • The certificate EKU is Smartcard.
    • The EKU is not set to Server Authentication or Code Signing.
    • "The certificate principal is identified by at least one UPN or RFC822 (email) Subject Alternate Name (SAN).
  • Client Device Certificate Type: The certificate EKU and SAN do not match any of the values for server or user certificate types.

To add Certificate and Device objects, Certificate Import uses Type and EKU values